Cybersecurity and Community Colleges
Community college in Iowa breached
Colleges and universities are much like medical facilities in the eyes of the attackers. They both may not have the best defenses in place and hold a mass amount of data on their clients (i.e. students and patients). Also, for both, there have been many, many breaches in the last three years, as noted by the published compromises.
The colleges in Iowa are no different and have been targeted. This time, the Des Moines Area Community College was targeted and breached. An unfortunate side effect of this was for the students, the school needing to be shut down for a few days.
The issue began on a Friday as the incident became known, and the school had to partially shut down its network. This continued through Tuesday. Fortunately, the in-person classes resumed on Wednesday. A date for the online classes to start back-up had not been around.
To assist with the forensic investigation, the FBI was contacted and is involved. Unfortunately, there have been no published details of the attack. The breach again shows us anyone is a target, and your defenses have to be kept up to date.
6/21/2021 Update: The community college does have cybersecurity insurance. The insurance company was negotiating with the attackers. This was indeed yet another ransomware attack. As part of the forensic review the SME did check over 6K of the college’s computer.